projects / oweals / openwrt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b398332) | patch
curl: fix some security problems
authorHauke Mehrtens <hauke@hauke-m.de>
Fri, 10 Aug 2018 19:39:06 +0000 (21:39 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Fri, 10 Aug 2018 20:56:31 +0000 (22:56 +0200)
commit9bc43f3e65bc8e0bb3d0c5ea8ff906111197afb9
tree6c855135e0208b15092012d4c86363d19de846f6tree | snapshot
parentb3983323a1f25c936ddfcc129c454b282e90eeedcommit | diff
curl: fix some security problems

This fixes the following security problems:
* CVE-2017-1000254: FTP PWD response parser out of bounds read
* CVE-2017-1000257: IMAP FETCH response out of bounds read
* CVE-2018-1000005: HTTP/2 trailer out-of-bounds read
* CVE-2018-1000007: HTTP authentication leak in redirects
* CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write
* CVE-2018-1000121: LDAP NULL pointer dereference
* CVE-2018-1000122: RTSP RTP buffer over-read
* CVE-2018-1000301: RTSP bad headers buffer over-read

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
14 files changed:
package/network/utils/curl/Makefile diff | blob | history
package/network/utils/curl/patches/105-CVE-2017-1000254.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/105-CVE-2017-8816.patch [deleted file] blob | history
package/network/utils/curl/patches/106-CVE-2017-8817.patch [deleted file] blob | history
package/network/utils/curl/patches/107-CVE-2017-1000257.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/107-CVE-2017-8816.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/108-CVE-2017-8817.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/109-CVE-2018-1000005.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/110-CVE-2018-1000007.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/111-CVE-2018-1000120.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/112-CVE-2018-1000121.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/113-CVE-2018-1000122.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/114-CVE-2018-1000301.patch [new file with mode: 0644] blob
package/network/utils/curl/patches/320-mbedtls-nonblocking-handshake.patch diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.